A design problem in my program
-
I'm building a GUI program in qt for Linux that runs as a standard user, but occasionally needs to write to a file with root privileges, but as soon as it write the file I need it to drop those privileges. My initial intent was to use QProcess with pkexec to implement the privilege handling, but I don't know how to go from QByteArray of bytes to the actual file in a nice Qt way, I mean I could just write all the bytes to the command line chain, but that just seem really hacky. Anyone know of any examples/have any ideas how to design this?
Thanks
-
I'm building a GUI program in qt for Linux that runs as a standard user, but occasionally needs to write to a file with root privileges, but as soon as it write the file I need it to drop those privileges. My initial intent was to use QProcess with pkexec to implement the privilege handling, but I don't know how to go from QByteArray of bytes to the actual file in a nice Qt way, I mean I could just write all the bytes to the command line chain, but that just seem really hacky. Anyone know of any examples/have any ideas how to design this?
Thanks
@MDCato You could first write to a normal (not privileged) file and use pkexec to copy this file to the privileged location. If you need to append you could also do "cat file1 >> file2" where file2 is the one where you need root.
-
I was considering this as a possibility, however, this would create a race condition, where if someone was clever enough to alter the intermediate file quickly enough before the final write, that would be a vulnerability. I forgot to say that I would like to make this as secure as possible, but Thank you for your help.
-
Hi,
Can you explain a bit the context ? That might help spark ideas.
-
Okay, I have a main Qt GUI program that is being run as "user1", as it should not need any elevated privileges during most of the programs execution. However, it will need to occasionally write data it generates to a privileged file location, at which point the user will need to approve the temporary privilege elevation (through the system's popup). After the GUI finished the write it will remove the privilege elevation and return to normal execution.
I figured out what this is, it's Inter-Process-Communcation (IPC), and there's several ways to do this, one way that I'm, leaning towards is QSharedMemory. I believe it allows 2 separate processes to share data between them, and each process can be running with different permissions, I will have to dig deeper into how to use it, but I believe that I can run my main program as user1, and run a second Qt non-GUI program as root, and use QSharedMemory to pass data from the first program to the second program. without changing the execution permissions of the first program and the root program can do the writing to the file.
-
Okay, I have a main Qt GUI program that is being run as "user1", as it should not need any elevated privileges during most of the programs execution. However, it will need to occasionally write data it generates to a privileged file location, at which point the user will need to approve the temporary privilege elevation (through the system's popup). After the GUI finished the write it will remove the privilege elevation and return to normal execution.
I figured out what this is, it's Inter-Process-Communcation (IPC), and there's several ways to do this, one way that I'm, leaning towards is QSharedMemory. I believe it allows 2 separate processes to share data between them, and each process can be running with different permissions, I will have to dig deeper into how to use it, but I believe that I can run my main program as user1, and run a second Qt non-GUI program as root, and use QSharedMemory to pass data from the first program to the second program. without changing the execution permissions of the first program and the root program can do the writing to the file.
@MDCato
I will just throw this in for your consideration.You can use
pkexecand/or separate privileged process with some IPC if that is your preference. But since you are Linux you can also use the standard, original way of doing this by installing your executablesetuid. You then swap torealuidupon start-up, and only gosetuid(effective used id) while you need to write the permission-restricted file, switching immediately back torealuidupon completion.Qt itself does not provide an interface to Linux
setuidcalls, but nothing stopping you calling the functions yourself, there are times when you do platform-specific things in your Qt application.I'm not going to get into the pro & cons of
setuidvspkexecvs IPC to a demon process. You can read up on that yourself from the web, which you should do. I'll just say that withsetuidyou would do everything from your Qt app , so there would be no issues about passing the desired file content to another process. -
Since it's in a privileged location, do you have something else accessing that file ?
